A hacker group known as Chaotic Eclipse, also referred to as Nightmare-Eclipse, has published details about two new Windows exploits called YellowKey and GreenPlasma, both targeting modern Windows systems including Windows 11 and newer Windows Server versions.
The group claims YellowKey can bypass BitLocker encryption protections under certain conditions, while GreenPlasma enables elevated system access through a method involving the Windows CTFMON process.
In a signed blog post, the hackers also issued a direct warning to Microsoft, teasing what they described as a “big surprise” coming in a future security update cycle.
YellowKey Allegedly Bypasses BitLocker on Windows 11
According to the group, the YellowKey exploit targets BitLocker-protected systems running Windows 11 and newer Windows Server releases.
The exploit reportedly works by:
- Copying a specially crafted folder to a USB drive or EFI partition
- Rebooting the system
- Holding specific keyboard combinations during startup
- Gaining access to the locked drive without traditional authentication
Chaotic Eclipse claims the technique can bypass BitLocker protections in specific configurations where physical device access is available.
If verified, the exploit could raise serious concerns for enterprise environments that rely heavily on BitLocker for full-disk encryption security.
GreenPlasma Targets Windows CTFMON Mechanisms
The second exploit, GreenPlasma, allegedly focuses on privilege escalation through a method tied to the Windows CTFMON process.
CTFMON.EXE is a legitimate Windows component responsible for text input, language services, and alternative input features.
According to the hackers:
- The exploit enables elevated system-level access
- It affects Windows 11 and some Windows Server versions
- Only partial exploit code has been publicly released
- The remaining implementation details were intentionally withheld as a challenge for researchers
The group says GreenPlasma is designed more as a proof-of-concept demonstration than a fully weaponized public release.
Hackers Publicly Warn Microsoft
One of the most controversial parts of the announcement is the group’s direct message to Microsoft.
In their signed statement, Chaotic Eclipse accused Microsoft of mishandling previous vulnerability reports and expressed frustration with the company’s response process.
The group stated:
“We have never failed to deliver on a promise.”
They also hinted that Microsoft may face additional disclosures soon, suggesting future exploit releases could be even more significant.
Interestingly, the hackers noted they intentionally avoided targeting Microsoft Defender in this round of disclosures.
Microsoft Has Not Yet Publicly Responded
At the time of writing, Microsoft has not issued an official public response regarding the claims surrounding YellowKey or GreenPlasma.
It also remains unclear whether the vulnerabilities have been independently verified by security researchers.
As with many exploit disclosures published online, some technical claims may be exaggerated or require very specific system conditions to reproduce successfully.
Security researchers will likely spend the coming days analyzing the released materials to determine:
- Whether the exploits function as described
- Which Windows builds are affected
- Whether mitigations already exist
- If emergency patches are required
Why This Matters for Windows Users
Even though the full impact is still unknown, the claims are already attracting attention because they involve two highly sensitive Windows security areas:
- BitLocker encryption bypasses
- Privilege escalation vulnerabilities
BitLocker remains one of Microsoft’s core security features for protecting enterprise laptops and personal devices against unauthorized access.
Meanwhile, privilege escalation exploits are often used by attackers after initial system compromise to gain deeper control over Windows machines.
If either exploit proves reliable, Microsoft could face increased pressure to harden Windows boot security and system privilege protections in future updates.
Keep yourself updated with all latest news about Windows 11 by reading our full coverage here.
Please follow us on our Facebook page and X account for all latest and breaking Windows and Microsoft related news.
